1 /* SPDX-License-Identifier: GPL-2.0 OR MIT */
2 /**************************************************************************
4 * Copyright (c) 2009-2013 VMware, Inc., Palo Alto, CA., USA
7 * Permission is hereby granted, free of charge, to any person obtaining a
8 * copy of this software and associated documentation files (the
9 * "Software"), to deal in the Software without restriction, including
10 * without limitation the rights to use, copy, modify, merge, publish,
11 * distribute, sub license, and/or sell copies of the Software, and to
12 * permit persons to whom the Software is furnished to do so, subject to
13 * the following conditions:
15 * The above copyright notice and this permission notice (including the
16 * next paragraph) shall be included in all copies or substantial portions
19 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
20 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
21 * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL
22 * THE COPYRIGHT HOLDERS, AUTHORS AND/OR ITS SUPPLIERS BE LIABLE FOR ANY CLAIM,
23 * DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
24 * OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
25 * USE OR OTHER DEALINGS IN THE SOFTWARE.
27 **************************************************************************/
29 * Authors: Thomas Hellstrom <thellstrom-at-vmware-dot-com>
31 * While no substantial code is shared, the prime code is inspired by
34 * Dave Airlie <airlied@redhat.com>
35 * Rob Clark <rob.clark@linaro.org>
37 /** @file ttm_ref_object.c
39 * Base- and reference object implementation for the various
40 * ttm objects. Implements reference counting, minimal security checks
41 * and release on file close.
46 * struct ttm_object_file
48 * @tdev: Pointer to the ttm_object_device.
50 * @lock: Lock that protects the ref_list list and the
51 * ref_hash hash tables.
53 * @ref_list: List of ttm_ref_objects to be destroyed at
56 * @ref_hash: Hash tables of ref objects, one per ttm_ref_type,
57 * for fast lookup of ref objects given a base object.
60 #define pr_fmt(fmt) "[TTM] " fmt
62 #include <linux/list.h>
63 #include <linux/spinlock.h>
64 #include <linux/slab.h>
65 #include <linux/atomic.h>
66 #include "ttm_object.h"
68 struct ttm_object_file {
69 struct ttm_object_device *tdev;
71 struct list_head ref_list;
72 struct drm_open_hash ref_hash[TTM_REF_NUM];
77 * struct ttm_object_device
79 * @object_lock: lock that protects the object_hash hash table.
81 * @object_hash: hash table for fast lookup of object global names.
83 * @object_count: Per device object count.
85 * This is the per-device data structure needed for ttm object management.
88 struct ttm_object_device {
89 spinlock_t object_lock;
90 struct drm_open_hash object_hash;
91 atomic_t object_count;
92 struct ttm_mem_global *mem_glob;
93 struct dma_buf_ops ops;
94 void (*dmabuf_release)(struct dma_buf *dma_buf);
100 * struct ttm_ref_object
102 * @hash: Hash entry for the per-file object reference hash.
104 * @head: List entry for the per-file list of ref-objects.
108 * @obj: Base object this ref object is referencing.
110 * @ref_type: Type of ref object.
112 * This is similar to an idr object, but it also has a hash table entry
113 * that allows lookup with a pointer to the referenced object as a key. In
114 * that way, one can easily detect whether a base object is referenced by
115 * a particular ttm_object_file. It also carries a ref count to avoid creating
116 * multiple ref objects if a ttm_object_file references the same base
117 * object more than once.
120 struct ttm_ref_object {
121 struct rcu_head rcu_head;
122 struct drm_hash_item hash;
123 struct list_head head;
125 enum ttm_ref_type ref_type;
126 struct ttm_base_object *obj;
127 struct ttm_object_file *tfile;
130 static void ttm_prime_dmabuf_release(struct dma_buf *dma_buf);
132 static inline struct ttm_object_file *
133 ttm_object_file_ref(struct ttm_object_file *tfile)
135 kref_get(&tfile->refcount);
139 static void ttm_object_file_destroy(struct kref *kref)
141 struct ttm_object_file *tfile =
142 container_of(kref, struct ttm_object_file, refcount);
148 static inline void ttm_object_file_unref(struct ttm_object_file **p_tfile)
150 struct ttm_object_file *tfile = *p_tfile;
153 kref_put(&tfile->refcount, ttm_object_file_destroy);
157 int ttm_base_object_init(struct ttm_object_file *tfile,
158 struct ttm_base_object *base,
160 enum ttm_object_type object_type,
161 void (*refcount_release) (struct ttm_base_object **),
162 void (*ref_obj_release) (struct ttm_base_object *,
163 enum ttm_ref_type ref_type))
165 struct ttm_object_device *tdev = tfile->tdev;
168 base->shareable = shareable;
169 base->tfile = ttm_object_file_ref(tfile);
170 base->refcount_release = refcount_release;
171 base->ref_obj_release = ref_obj_release;
172 base->object_type = object_type;
173 kref_init(&base->refcount);
174 idr_preload(GFP_KERNEL);
175 spin_lock(&tdev->object_lock);
176 ret = idr_alloc(&tdev->idr, base, 1, 0, GFP_NOWAIT);
177 spin_unlock(&tdev->object_lock);
183 ret = ttm_ref_object_add(tfile, base, TTM_REF_USAGE, NULL, false);
184 if (unlikely(ret != 0))
187 ttm_base_object_unref(&base);
191 spin_lock(&tdev->object_lock);
192 idr_remove(&tdev->idr, base->handle);
193 spin_unlock(&tdev->object_lock);
197 static void ttm_release_base(struct kref *kref)
199 struct ttm_base_object *base =
200 container_of(kref, struct ttm_base_object, refcount);
201 struct ttm_object_device *tdev = base->tfile->tdev;
203 spin_lock(&tdev->object_lock);
204 idr_remove(&tdev->idr, base->handle);
205 spin_unlock(&tdev->object_lock);
208 * Note: We don't use synchronize_rcu() here because it's far
209 * too slow. It's up to the user to free the object using
210 * call_rcu() or ttm_base_object_kfree().
213 ttm_object_file_unref(&base->tfile);
214 if (base->refcount_release)
215 base->refcount_release(&base);
218 void ttm_base_object_unref(struct ttm_base_object **p_base)
220 struct ttm_base_object *base = *p_base;
224 kref_put(&base->refcount, ttm_release_base);
228 * ttm_base_object_noref_lookup - look up a base object without reference
229 * @tfile: The struct ttm_object_file the object is registered with.
230 * @key: The object handle.
232 * This function looks up a ttm base object and returns a pointer to it
233 * without refcounting the pointer. The returned pointer is only valid
234 * until ttm_base_object_noref_release() is called, and the object
235 * pointed to by the returned pointer may be doomed. Any persistent usage
236 * of the object requires a refcount to be taken using kref_get_unless_zero().
237 * Iff this function returns successfully it needs to be paired with
238 * ttm_base_object_noref_release() and no sleeping- or scheduling functions
239 * may be called inbetween these function callse.
241 * Return: A pointer to the object if successful or NULL otherwise.
243 struct ttm_base_object *
244 ttm_base_object_noref_lookup(struct ttm_object_file *tfile, uint32_t key)
246 struct drm_hash_item *hash;
247 struct drm_open_hash *ht = &tfile->ref_hash[TTM_REF_USAGE];
251 ret = drm_ht_find_item_rcu(ht, key, &hash);
258 return drm_hash_entry(hash, struct ttm_ref_object, hash)->obj;
260 EXPORT_SYMBOL(ttm_base_object_noref_lookup);
262 struct ttm_base_object *ttm_base_object_lookup(struct ttm_object_file *tfile,
265 struct ttm_base_object *base = NULL;
266 struct drm_hash_item *hash;
267 struct drm_open_hash *ht = &tfile->ref_hash[TTM_REF_USAGE];
271 ret = drm_ht_find_item_rcu(ht, key, &hash);
273 if (likely(ret == 0)) {
274 base = drm_hash_entry(hash, struct ttm_ref_object, hash)->obj;
275 if (!kref_get_unless_zero(&base->refcount))
283 struct ttm_base_object *
284 ttm_base_object_lookup_for_ref(struct ttm_object_device *tdev, uint32_t key)
286 struct ttm_base_object *base;
289 base = idr_find(&tdev->idr, key);
291 if (base && !kref_get_unless_zero(&base->refcount))
299 * ttm_ref_object_exists - Check whether a caller has a valid ref object
300 * (has opened) a base object.
302 * @tfile: Pointer to a struct ttm_object_file identifying the caller.
303 * @base: Pointer to a struct base object.
305 * Checks wether the caller identified by @tfile has put a valid USAGE
306 * reference object on the base object identified by @base.
308 bool ttm_ref_object_exists(struct ttm_object_file *tfile,
309 struct ttm_base_object *base)
311 struct drm_open_hash *ht = &tfile->ref_hash[TTM_REF_USAGE];
312 struct drm_hash_item *hash;
313 struct ttm_ref_object *ref;
316 if (unlikely(drm_ht_find_item_rcu(ht, base->handle, &hash) != 0))
320 * Verify that the ref object is really pointing to our base object.
321 * Our base object could actually be dead, and the ref object pointing
322 * to another base object with the same handle.
324 ref = drm_hash_entry(hash, struct ttm_ref_object, hash);
325 if (unlikely(base != ref->obj))
329 * Verify that the ref->obj pointer was actually valid!
332 if (unlikely(kref_read(&ref->kref) == 0))
343 int ttm_ref_object_add(struct ttm_object_file *tfile,
344 struct ttm_base_object *base,
345 enum ttm_ref_type ref_type, bool *existed,
346 bool require_existed)
348 struct drm_open_hash *ht = &tfile->ref_hash[ref_type];
349 struct ttm_ref_object *ref;
350 struct drm_hash_item *hash;
351 struct ttm_mem_global *mem_glob = tfile->tdev->mem_glob;
352 struct ttm_operation_ctx ctx = {
353 .interruptible = false,
358 if (base->tfile != tfile && !base->shareable)
364 while (ret == -EINVAL) {
366 ret = drm_ht_find_item_rcu(ht, base->handle, &hash);
369 ref = drm_hash_entry(hash, struct ttm_ref_object, hash);
370 if (kref_get_unless_zero(&ref->kref)) {
380 ret = ttm_mem_global_alloc(mem_glob, sizeof(*ref),
382 if (unlikely(ret != 0))
384 ref = kmalloc(sizeof(*ref), GFP_KERNEL);
385 if (unlikely(ref == NULL)) {
386 ttm_mem_global_free(mem_glob, sizeof(*ref));
390 ref->hash.key = base->handle;
393 ref->ref_type = ref_type;
394 kref_init(&ref->kref);
396 spin_lock(&tfile->lock);
397 ret = drm_ht_insert_item_rcu(ht, &ref->hash);
399 if (likely(ret == 0)) {
400 list_add_tail(&ref->head, &tfile->ref_list);
401 kref_get(&base->refcount);
402 spin_unlock(&tfile->lock);
408 spin_unlock(&tfile->lock);
409 BUG_ON(ret != -EINVAL);
411 ttm_mem_global_free(mem_glob, sizeof(*ref));
418 static void __releases(tfile->lock) __acquires(tfile->lock)
419 ttm_ref_object_release(struct kref *kref)
421 struct ttm_ref_object *ref =
422 container_of(kref, struct ttm_ref_object, kref);
423 struct ttm_base_object *base = ref->obj;
424 struct ttm_object_file *tfile = ref->tfile;
425 struct drm_open_hash *ht;
426 struct ttm_mem_global *mem_glob = tfile->tdev->mem_glob;
428 ht = &tfile->ref_hash[ref->ref_type];
429 (void)drm_ht_remove_item_rcu(ht, &ref->hash);
430 list_del(&ref->head);
431 spin_unlock(&tfile->lock);
433 if (ref->ref_type != TTM_REF_USAGE && base->ref_obj_release)
434 base->ref_obj_release(base, ref->ref_type);
436 ttm_base_object_unref(&ref->obj);
437 ttm_mem_global_free(mem_glob, sizeof(*ref));
438 kfree_rcu(ref, rcu_head);
439 spin_lock(&tfile->lock);
442 int ttm_ref_object_base_unref(struct ttm_object_file *tfile,
443 unsigned long key, enum ttm_ref_type ref_type)
445 struct drm_open_hash *ht = &tfile->ref_hash[ref_type];
446 struct ttm_ref_object *ref;
447 struct drm_hash_item *hash;
450 spin_lock(&tfile->lock);
451 ret = drm_ht_find_item(ht, key, &hash);
452 if (unlikely(ret != 0)) {
453 spin_unlock(&tfile->lock);
456 ref = drm_hash_entry(hash, struct ttm_ref_object, hash);
457 kref_put(&ref->kref, ttm_ref_object_release);
458 spin_unlock(&tfile->lock);
462 void ttm_object_file_release(struct ttm_object_file **p_tfile)
464 struct ttm_ref_object *ref;
465 struct list_head *list;
467 struct ttm_object_file *tfile = *p_tfile;
470 spin_lock(&tfile->lock);
473 * Since we release the lock within the loop, we have to
474 * restart it from the beginning each time.
477 while (!list_empty(&tfile->ref_list)) {
478 list = tfile->ref_list.next;
479 ref = list_entry(list, struct ttm_ref_object, head);
480 ttm_ref_object_release(&ref->kref);
483 spin_unlock(&tfile->lock);
484 for (i = 0; i < TTM_REF_NUM; ++i)
485 drm_ht_remove(&tfile->ref_hash[i]);
487 ttm_object_file_unref(&tfile);
490 struct ttm_object_file *ttm_object_file_init(struct ttm_object_device *tdev,
491 unsigned int hash_order)
493 struct ttm_object_file *tfile = kmalloc(sizeof(*tfile), GFP_KERNEL);
498 if (unlikely(tfile == NULL))
501 spin_lock_init(&tfile->lock);
503 kref_init(&tfile->refcount);
504 INIT_LIST_HEAD(&tfile->ref_list);
506 for (i = 0; i < TTM_REF_NUM; ++i) {
507 ret = drm_ht_create(&tfile->ref_hash[i], hash_order);
516 for (i = 0; i < j; ++i)
517 drm_ht_remove(&tfile->ref_hash[i]);
524 struct ttm_object_device *
525 ttm_object_device_init(struct ttm_mem_global *mem_glob,
526 unsigned int hash_order,
527 const struct dma_buf_ops *ops)
529 struct ttm_object_device *tdev = kmalloc(sizeof(*tdev), GFP_KERNEL);
532 if (unlikely(tdev == NULL))
535 tdev->mem_glob = mem_glob;
536 spin_lock_init(&tdev->object_lock);
537 atomic_set(&tdev->object_count, 0);
538 ret = drm_ht_create(&tdev->object_hash, hash_order);
540 goto out_no_object_hash;
542 idr_init(&tdev->idr);
544 tdev->dmabuf_release = tdev->ops.release;
545 tdev->ops.release = ttm_prime_dmabuf_release;
546 tdev->dma_buf_size = ttm_round_pot(sizeof(struct dma_buf)) +
547 ttm_round_pot(sizeof(struct file));
555 void ttm_object_device_release(struct ttm_object_device **p_tdev)
557 struct ttm_object_device *tdev = *p_tdev;
561 WARN_ON_ONCE(!idr_is_empty(&tdev->idr));
562 idr_destroy(&tdev->idr);
563 drm_ht_remove(&tdev->object_hash);
569 * get_dma_buf_unless_doomed - get a dma_buf reference if possible.
571 * @dma_buf: Non-refcounted pointer to a struct dma-buf.
573 * Obtain a file reference from a lookup structure that doesn't refcount
574 * the file, but synchronizes with its release method to make sure it has
575 * not been freed yet. See for example kref_get_unless_zero documentation.
576 * Returns true if refcounting succeeds, false otherwise.
578 * Nobody really wants this as a public API yet, so let it mature here
581 static bool __must_check get_dma_buf_unless_doomed(struct dma_buf *dmabuf)
583 return atomic_long_inc_not_zero(&dmabuf->file->f_count) != 0L;
587 * ttm_prime_refcount_release - refcount release method for a prime object.
589 * @p_base: Pointer to ttm_base_object pointer.
591 * This is a wrapper that calls the refcount_release founction of the
592 * underlying object. At the same time it cleans up the prime object.
593 * This function is called when all references to the base object we
594 * derive from are gone.
596 static void ttm_prime_refcount_release(struct ttm_base_object **p_base)
598 struct ttm_base_object *base = *p_base;
599 struct ttm_prime_object *prime;
602 prime = container_of(base, struct ttm_prime_object, base);
603 BUG_ON(prime->dma_buf != NULL);
604 mutex_destroy(&prime->mutex);
605 if (prime->refcount_release)
606 prime->refcount_release(&base);
610 * ttm_prime_dmabuf_release - Release method for the dma-bufs we export
614 * This function first calls the dma_buf release method the driver
615 * provides. Then it cleans up our dma_buf pointer used for lookup,
616 * and finally releases the reference the dma_buf has on our base
619 static void ttm_prime_dmabuf_release(struct dma_buf *dma_buf)
621 struct ttm_prime_object *prime =
622 (struct ttm_prime_object *) dma_buf->priv;
623 struct ttm_base_object *base = &prime->base;
624 struct ttm_object_device *tdev = base->tfile->tdev;
626 if (tdev->dmabuf_release)
627 tdev->dmabuf_release(dma_buf);
628 mutex_lock(&prime->mutex);
629 if (prime->dma_buf == dma_buf)
630 prime->dma_buf = NULL;
631 mutex_unlock(&prime->mutex);
632 ttm_mem_global_free(tdev->mem_glob, tdev->dma_buf_size);
633 ttm_base_object_unref(&base);
637 * ttm_prime_fd_to_handle - Get a base object handle from a prime fd
639 * @tfile: A struct ttm_object_file identifying the caller.
640 * @fd: The prime / dmabuf fd.
641 * @handle: The returned handle.
643 * This function returns a handle to an object that previously exported
644 * a dma-buf. Note that we don't handle imports yet, because we simply
645 * have no consumers of that implementation.
647 int ttm_prime_fd_to_handle(struct ttm_object_file *tfile,
650 struct ttm_object_device *tdev = tfile->tdev;
651 struct dma_buf *dma_buf;
652 struct ttm_prime_object *prime;
653 struct ttm_base_object *base;
656 dma_buf = dma_buf_get(fd);
658 return PTR_ERR(dma_buf);
660 if (dma_buf->ops != &tdev->ops)
663 prime = (struct ttm_prime_object *) dma_buf->priv;
665 *handle = base->handle;
666 ret = ttm_ref_object_add(tfile, base, TTM_REF_USAGE, NULL, false);
668 dma_buf_put(dma_buf);
674 * ttm_prime_handle_to_fd - Return a dma_buf fd from a ttm prime object
676 * @tfile: Struct ttm_object_file identifying the caller.
677 * @handle: Handle to the object we're exporting from.
678 * @flags: flags for dma-buf creation. We just pass them on.
679 * @prime_fd: The returned file descriptor.
682 int ttm_prime_handle_to_fd(struct ttm_object_file *tfile,
683 uint32_t handle, uint32_t flags,
686 struct ttm_object_device *tdev = tfile->tdev;
687 struct ttm_base_object *base;
688 struct dma_buf *dma_buf;
689 struct ttm_prime_object *prime;
692 base = ttm_base_object_lookup(tfile, handle);
693 if (unlikely(base == NULL ||
694 base->object_type != ttm_prime_type)) {
699 prime = container_of(base, struct ttm_prime_object, base);
700 if (unlikely(!base->shareable)) {
705 ret = mutex_lock_interruptible(&prime->mutex);
706 if (unlikely(ret != 0)) {
711 dma_buf = prime->dma_buf;
712 if (!dma_buf || !get_dma_buf_unless_doomed(dma_buf)) {
713 DEFINE_DMA_BUF_EXPORT_INFO(exp_info);
714 struct ttm_operation_ctx ctx = {
715 .interruptible = true,
718 exp_info.ops = &tdev->ops;
719 exp_info.size = prime->size;
720 exp_info.flags = flags;
721 exp_info.priv = prime;
724 * Need to create a new dma_buf, with memory accounting.
726 ret = ttm_mem_global_alloc(tdev->mem_glob, tdev->dma_buf_size,
728 if (unlikely(ret != 0)) {
729 mutex_unlock(&prime->mutex);
733 dma_buf = dma_buf_export(&exp_info);
734 if (IS_ERR(dma_buf)) {
735 ret = PTR_ERR(dma_buf);
736 ttm_mem_global_free(tdev->mem_glob,
738 mutex_unlock(&prime->mutex);
743 * dma_buf has taken the base object reference
746 prime->dma_buf = dma_buf;
748 mutex_unlock(&prime->mutex);
750 ret = dma_buf_fd(dma_buf, flags);
755 dma_buf_put(dma_buf);
759 ttm_base_object_unref(&base);
764 * ttm_prime_object_init - Initialize a ttm_prime_object
766 * @tfile: struct ttm_object_file identifying the caller
767 * @size: The size of the dma_bufs we export.
768 * @prime: The object to be initialized.
769 * @shareable: See ttm_base_object_init
770 * @type: See ttm_base_object_init
771 * @refcount_release: See ttm_base_object_init
772 * @ref_obj_release: See ttm_base_object_init
774 * Initializes an object which is compatible with the drm_prime model
775 * for data sharing between processes and devices.
777 int ttm_prime_object_init(struct ttm_object_file *tfile, size_t size,
778 struct ttm_prime_object *prime, bool shareable,
779 enum ttm_object_type type,
780 void (*refcount_release) (struct ttm_base_object **),
781 void (*ref_obj_release) (struct ttm_base_object *,
782 enum ttm_ref_type ref_type))
784 mutex_init(&prime->mutex);
785 prime->size = PAGE_ALIGN(size);
786 prime->real_type = type;
787 prime->dma_buf = NULL;
788 prime->refcount_release = refcount_release;
789 return ttm_base_object_init(tfile, &prime->base, shareable,
791 ttm_prime_refcount_release,
projects / linux-2.6-microblaze.git / blob